Daniel Convissor
Forum Replies Created
-
Forum: Plugins
In reply to: [Login Security Solution] Admin is locked outI have a feeling you’re behind a load balancer. To verify, SSH into your webserver. Invoke the MySQL client (
mysql -u your_sql_user_name -p your_database_name). Then run this query:SELECT ip, COUNT(*) FROM wp_login_security_solution_fail
GROUP BY ip ORDER BY COUNT(*) DESC;If you have only one row (or very few rows) show up, my hunch is right. To rectify that, please read the installation instructions. You can do so either via the readme.txt file in the plugin or at https://wordpress.org/plugins/login-security-solution/installation/
Forum: Plugins
In reply to: [Login Security Solution] Mutiple apache/php server behind load balancerPlease read the installation instructions. You’ll can do so either via the readme.txt file in the plugin or at https://wordpress.org/plugins/login-security-solution/installation/
Forum: Plugins
In reply to: [Login Security Solution] idle logout issues – no draft saveSorry to hear that.
In my years of computing, I’ve learned to hit the save button (well, the keystrokes for it, in my case) on a frequent basis. Just in case.
Forum: Plugins
In reply to: [Login Security Solution] proxied web serverSir:
See the plugin’s installation instructions. Go to the plugin’s page on wordpress.org and click the “Installation” tab.
Or scroll through old postings in this forum, where this question has been asked before.
Or search the web
"login security solution" proxyand that will lead you to the same places.Good luck,
–Dan
Hi Mike:
Thanks for the report.
1) That’s expected. The person doing the reset is not forced to reset. You’ll need to test with another user.
2) There two scenarios where things are not logged. a) if the
login_fail_minutessetting is set to 0, or b) if the IP/username/password combination is a duplicate of a hit withinlogin_fail_minutes. Do either of these fit your test case?You can uncomment the log lines (they’re preceded by
###) and run your tests again and examine the log file (/var/log/login-security-solution.log).Forum: Plugins
In reply to: [Login Security Solution] 403 when logging inLSS does have a white list, but LSS doesn’t do a 403 redirect. The white list is populated when users reset their passwords. It’s used when someone logs in during an attack. If they’re on the list they don’t have to go through the password reset process.
Forum: Plugins
In reply to: [Login Security Solution] Force change of temporary passwordNope.
I don’t know. You’ll need to test it out. Report back!
Forum: Plugins
In reply to: [Login Security Solution] 403 when logging inLogin Security Solution doesn’t do that.
Forum: Plugins
In reply to: [Login Security Solution] Reset Password Hint Broken (again?)Hi DLo:
On the wp-login.php?action=rp screen and on the wp-admin/profile.php page of my stock install of WordPress 4.2, the LSS password hint text is properly displayed. Perhaps you have a theme that’s not doing “the right thing?”
–Dan
Forum: Plugins
In reply to: [Login Security Solution] database entries limitThat’s something I’ve thought about but haven’t had time implement. Perhaps some day…
Forum: Plugins
In reply to: [Login Security Solution] cannot connect myselfForum: Plugins
In reply to: [Login Security Solution] ow to lock out attacksHi:
This plugin doesn’t really do “lockouts.” Perhaps you’re looking for the “Delay Tier 2” setting?
–Dan
Sir:
I don’t know why your other plugin admin pages are in English. My guess is they’re not translated. Maybe there’s some WordPress setting I don’t know about. If there is a setting you or someone else knows about, let me know.
–Dan
Forum: Plugins
In reply to: [Login Security Solution] Errors when changing passwords once installedI’ve fixed the warning in 0.52.0, which I published a moment ago. You’re seeing that because your web server has “safe_mode” turned on and “display_errors” turned on too. Word of advice: “display_errors” should turned off in production environments.
Thanks for the heads up.